Loading...
 
Skip to main content

History: API

Source of version: 14

Copy to clipboard
            ! API
((Tiki24)) now has an API, leveraging [https://packagist.org/packages/swagger-api/swagger-ui|swagger-api/swagger-ui]

First commit: https://gitlab.com/tikiwiki/tiki/-/merge_requests/1028

!! Tiki 24+
A self-documented REST API has been added to Tiki 24 exposing the (arguably) most commonly used elements of the system.

!!! Getting Started
Enable API access via Admin -> Security tab.

!!! Documentation
See /api/ on your target Tiki installation for an OpenAPI 3.0 documentation of the API.
{REMARKSBOX(type="tip" title="Documentation page" close="n" store_cookie="n")}
Documentation page:
{img src="display1821" link="display1821" width="555" rel="box[g]" desc="Click to expand" styleimage="border" alt="Tiki API Documentation"}
{REMARKSBOX}

!!! Authorization
API requests should be authenticated with a token created by Tiki admin (via Admin -> Security tab). Each token gives their owner access with one and only one Tiki user. ((Permissions)) configuration is then based on that Tiki ((User-Groups|user's groups)).
Bearer token authorization header in format:
{CODE()}Authorization: Bearer TOKEN{CODE}

Tokens can be created in two ways:
1. Manually via Admin -> Security tab. Each token is associated with a user. Any API call using the token will act as the user observing all user's permissions.
2. Using Tiki OAuth 2.0 server. Documentation contains endpoints and parameters for different grant types.

!!! OAuth 2.0 Server
Tiki can act as an OAuth server. Admin -> Security tab has a link to manage authenticated clients. This section creates client IDs and secrets for 3rd party apps using Tiki API. Authorization flow can be:
1. Machine-to-machine - use client authorization grant type. Send your credentials directly to access_token endpoint to retrieve the access token.
2. End-user-to-machine - use auth flow grant type. Start by sending the user to authorize endpoint. This allows Tiki to ask target user for permission to grant access token with their user privileges. Once agreed, user is redirected back to your app/web app/machine where you do a machine-to-machine request to access_token endpoint to get the actual access token.
Access tokens generated by Tiki OAuth server are JWT encoded.

!!! Coverage
API endpoints include:
1. Authorization flow.
2. API version.
3. Category CRUD + object categorization.
4. Comments CRUD + thread locking and moderation.
5. Groups CRUD + user association.
6. Search index rebuild and lookup.
7. Trackers/Fields/Items CRUD + special features like dump/export, clone, duplicate, clear.
8. Manage object translations.
9. User registration and CRUD operations, messaging and emailing wiki pages.
10. Wiki pages CRUD, locking and parsing/display.

Major items still to be added:
1. Files and file galleries.
2. Articles, blogs, other wiki-related elements.
3. Calendars.
...todo

!!- Pre-Tiki 24 notes
Tiki can support wiki page updates (or data for most features in Tiki) by setting up ((data channels)) at this time. Adding a ((web service)) call to do it more directly would not be very hard so you can join in and ((dev:get your commit access))!

From tiki-admin.php, you can activate: "HTTP Basic Authentication: Check credentials from HTTP Basic Authentication, useful to allow webservices to use credentials." Related: ((Token Access))

!!! Use of Tiki services

Tiki's services live in -+lib/core/Services/+-. One can extrapolate the service URL from the file names and the names of the classes in the -+Controller.php+- files.
This only works if you have activated SEFURL feature.
Example:
For accessing information which is also available from searches in the Tiki site, the class is -+action_lookup()+- in file -+lib/core/Services/Search/Controller.php+-.
The path on tiki.org is: [https://tiki.org/tiki-search-lookup]
To refine the search, the arguments are the same as for [https://doc.tiki.org/PluginList-filter-control-block]
For example, in order to access the 45 first items from tracker 22, the syntax would be:
[https://tiki.org/tiki-search-lookup?filter~type=trackeritem&filter~tracker_id=22&maxRecords=45]

This works fine if called as ajax services from a page on the same Tiki.
If done from outside Tiki from another online server, only data visible for ''anonymous user'' (not logged in) will be shown.
In order to access data which is not visible to ''anonymous'' user, you may want to have a look at [https://doc.tiki.org/Token-Access].

!!! Controller pages
Where you can find more specific information and samples for the different controllers
* ((API Tracker))
* ...

!! Aliases
* (alias(service URL))
* (alias(URL arguments))
        

History

Information Version
Geoff Brickell 46
Geoff Brickell 45
Geoff Brickell 44
Marc Laporte 43
Geoff Brickell 42
Geoff Brickell 41
Geoff Brickell 40
Geoff Brickell 39
Merci Jacob 38
Merci Jacob Correct preference inconsistency 37
Jonny Bradley example added 36
Marc Laporte 35
luciash d' being 🧙 requirements: .htaccess must be enabled 34
Marcellin Wabo 33
Marcellin Wabo 32
Marcellin Wabo 31
Marcellin Wabo 30
Marcellin Wabo 29
Marc Laporte 28
Marcellin Wabo Add documentation link at the end of "Coverage" paragraph. 27
Marcellin Wabo 26
Marcellin Wabo 25
Marcellin Wabo 24
Marcellin Wabo 23
Marcellin Wabo 22
Marcellin Wabo 21
Marcellin Wabo 20
Marcellin Wabo 19
Marcellin Wabo 18
Marcellin Wabo 17
Marcellin Wabo 16
Marcellin Wabo 15
Marcellin Wabo 14
Marcellin Wabo 13
Marcellin Wabo 12
Victor Emanouilov 11
Marc Laporte 10
Marc Laporte 9
Marc Laporte 8
Bernard Sfez / Tiki Specialist 7
Bernard Sfez / Tiki Specialist Adding child pages to give more example to users 6
Jean-Marc Libs 5
Marc Laporte 4
Marc Laporte 3
Marc Laporte 2
Marc Laporte 1